Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2018
CVE-2018-1672
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user. IBM X-Force ID: 144958.
CVSS Score
5.0
EPSS Score
0.002
Published
2018-10-01
CVE-2018-14788
Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-10-01
CVE-2018-14790
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device.
CVSS Score
9.8
EPSS Score
0.033
Published
2018-10-01
CVE-2018-14794
Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device does not perform a check on the length/size of a project file before copying the entire contents of the file to a heap-based buffer.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-10-01
CVE-2018-14798
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-10-01
CVE-2018-14802
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution.
CVSS Score
9.8
EPSS Score
0.029
Published
2018-10-01
CVE-2018-17846
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-10-01
CVE-2018-17847
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.
CVSS Score
7.5
EPSS Score
0.007
Published
2018-10-01
CVE-2018-17848
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.
CVSS Score
7.5
EPSS Score
0.007
Published
2018-10-01
CVE-2018-17852
A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detail_listing URI.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-10-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved